CVE-2022-21448: 
Oracle Business Intelligence Enterprise Edition (OBIEE) vulnerability analysis and mitigation

Vulnerability in Oracle Business Intelligence Enterprise Edition (OBIEE) version 5.9.0.0.0 allows unauthenticated attackers with network access via HTTP to compromise the system. The vulnerability requires human interaction from a person other than the attacker. While the vulnerability exists in OBIEE, successful exploitation may significantly impact additional products. (Oracle Advisory)

The vulnerability has a CVSS 3.1 Base Score of 6.1 (Medium) with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. This indicates the attack requires network access, low attack complexity, no privileges, and user interaction, with a changed scope and low impacts to confidentiality and integrity (Oracle Advisory, NVD).

Successful exploitation can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data, as well as unauthorized read access to a subset of OBIEE accessible data (NVD).

Oracle has released patches to address this vulnerability as part of the April 2022 Critical Patch Update. Users should apply the security patches without delay to protect their systems (Oracle Advisory).